<?php
require('functions/page_load.php');
require_once("../classes/class.phpmailer.php");

$tradesmen_nav = true;

// approve

if($_GET['action'] == 'activate_tradesman' && isset($_GET['id'])){

// activate / deactivate

	$sql = "SELECT user_id, active FROM tradesman WHERE id = '".mysql_real_escape_string($_GET['id'])."'";
	$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());
	$rs=mysql_fetch_assoc($query);

	$new_active = ($rs['active'] == '1') ? '0' : '1';

	$sql = "UPDATE tradesman SET active = '".$new_active."' WHERE id = '".mysql_real_escape_string($_GET['id'])."'";
	$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());

if($new_active == '1'){

	$sql = "SELECT firstname, surname, email FROM users WHERE id = '".$rs['user_id']."'";
	$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());
	$user_rs=mysql_fetch_assoc($query);

	$mail = new PHPMailer();
	$mail->IsSMTP(); // telling the class to use SMTP
	$mail->Host = "localhost"; // SMTP server
	$mail->From = "mail@iwantatradesman.co.uk";
	$mail->FromName = "I Want A Tradesman";

	$mail->AddAddress($user_rs['email']);

	$mail->Subject = "Account approved";
	$mail->Body = "Dear ".$user_rs['firstname']." ".$user_rs['surname']."\r\n\r\nCongratulations! Your account has been approved, you now have access to a new stream of work.\r\n\r\nSo login now, update your profile and start quoting for jobs in your area!\r\n\r\nKind regards\r\n\r\nThe I Want A Tradesman Team\r\n\r\n\r\nThis email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.";

	$mail->Send();

}

}

// delete

if(isset($_GET['delete_tradesman'])){

	$sql = "SELECT user_id FROM tradesman WHERE id = '".mysql_real_escape_string($_GET['delete_tradesman'])."'";
	$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());
	$rs=mysql_fetch_assoc($query);
	$user_id = $rs['user_id'];

	$sql = "DELETE FROM tradesman WHERE id = '".mysql_real_escape_string($_GET['delete_tradesman'])."'";
	$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());

	$sql = "DELETE FROM users WHERE id = '".$user_id."'";
	$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());

	$results = '<div class="success_result">Tradesman deleted successfully.</div>';

}


// ban

if(isset($_GET['ban'])){

	$sql = "UPDATE users SET banned = 1 WHERE id = '".mysql_real_escape_string($_GET['ban'])."'";
	$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());

	$results = '<div class="success_result">User banned successfully.</div>';

}

require('includes/header.php');
?>

<div class="side_container">
<h2 class="container_header">Filters</h2>

<ul>
<li><a href="tradesmen.php">Active tradesmen</a></li>
<li><a href="tradesmen.php?show=inactive">Tradesmen awaiting moderation</a></li>
</ul>

</div>

<div class="main_container_wrapper">

	<div class="main_container">
	<h2 class="container_header">Tradesmen</h2>
	
	<a href="add_tradesman.php" class="create_button">Create new tradesman</a>
	
	<?php echo $results; ?>
	
	<?php
	
	$where_clause = ($_GET['show'] == 'inactive') ? " AND active != 1" : " AND active = 1" ;
	
	$sql = "SELECT tradesman.id, company_name, tradesman.user_id, firstname, surname FROM tradesman 
			LEFT JOIN users ON tradesman.user_id = users.id 
			WHERE users.banned != 1".$where_clause."
			ORDER BY id DESC";
	
	$query=mysql_query( $sql ) or die ("Error in query: $sql . " . mysql_error());
	$rows = mysql_num_rows($query);
	
	if($rows > 0){
	
	echo '<table width="100%" cellpadding="0" cellspacing="0" class="cms_table paginate_table">';
	
	if($_GET['show'] == 'inactive'){
	echo '<thead><tr><th align="left">Tradesman</th><th align="left">User</th><th width="60">Approve</th><th width="60">Ban</th><th width="60">Delete</th></tr></thead>';
	$approve = 'Approve';
	}
	
	else{
	echo '<thead><tr><th align="left">Tradesman</th><th align="left">User</th><th width="60">Deactivate</th><th width="60">Ban</th><th width="60">Delete</th></tr></thead>';
	$approve = 'Deactivate';
	}
	
	echo '<tbody>';
	
		while($rs=mysql_fetch_assoc($query)){

		echo '<tr><td align="left"><a href="edit_tradesman.php?id='.$rs['id'].'">'.$rs['company_name'].'</a></td><td align="left"><a href="edit_user.php?id='.$rs['user_id'].'">'.$rs['firstname'].' '.$rs['surname'].'</a></td><td><a href="?id='.$rs['id'].'&amp;action=activate_tradesman">'.$approve.'</a></td><td><a onclick="confirm_ban(\'?ban='.$rs['user_id'].'&amp;tradesman_id='.$rs['id'].'\',\'this user\');" title="Ban"><img src="images/na.png" alt="Ban" /></a></td><td><a onclick="confirm_delete(\'?delete_tradesman='.$rs['id'].'\',\'this job\');" title="Delete"><img src="images/delete.png" alt="Delete" /></a></td></tr>';
		
		}
		
	echo '</tbody></table>';
	
	}
	
	else{
	
	echo '<p style="float: left; width: 100%; text-align: center;">There are currently no jobs awaiting moderation.</p>';
	
	}
	
	
	?>

	</div>

</div>
	
<?php
	require('includes/footer.php');
?>